CVE-2025-29975 Microsoft PC Manager Elevation of Privilege Vulnerability
Improper link resolution before file access (‘link following’) in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-29962 Windows Media Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
CVE-2025-29832 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-27468 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.
CVE-2025-29973 Microsoft Azure File Sync Elevation of Privilege Vulnerability
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.
CVE-2025-29961 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-29831 Windows Remote Desktop Services Remote Code Execution Vulnerability
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
CVE-2025-30387 Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability
Improper limitation of a pathname to a restricted directory (‘path traversal’) in Azure allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-29971 Web Threat Defense (WTD.sys) Denial of Service Vulnerability
Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network.
CVE-2025-29972 Azure Storage Resource Provider Spoofing Vulnerability
Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.
